misp-circl-feed/feeds/circl/misp/576d3a39-fe90-4921-85cc-4e3c950d210f.json

1821 lines
No EOL
74 KiB
JSON

{
"type": "bundle",
"id": "bundle--576d3a39-fe90-4921-85cc-4e3c950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T15:14:20.000Z",
"modified": "2016-06-24T15:14:20.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--576d3a39-fe90-4921-85cc-4e3c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T15:14:20.000Z",
"modified": "2016-06-24T15:14:20.000Z",
"name": "Malspam 2016-06-24 (Locky)",
"published": "2016-06-24T15:18:16Z",
"object_refs": [
"indicator--576d3a7e-6310-4ee7-9f59-471f950d210f",
"indicator--576d3a7e-64ec-498d-bd9d-4746950d210f",
"indicator--576d3a7e-ba14-4f53-b6fb-477c950d210f",
"indicator--576d3a7e-4c04-45d7-8485-4049950d210f",
"indicator--576d3a7f-85f8-477a-b3dc-469b950d210f",
"indicator--576d3a7f-dfd0-4cfe-8b0b-4c2f950d210f",
"indicator--576d3a7f-4d20-40c8-bc64-4dbf950d210f",
"indicator--576d3a7f-8420-4614-b5d1-48b0950d210f",
"indicator--576d3a7f-d254-40f6-bb7d-493a950d210f",
"indicator--576d3a7f-44fc-4b9f-b93b-4128950d210f",
"indicator--576d3a80-ab58-41e6-a6ae-43aa950d210f",
"indicator--576d3a80-c5dc-4e40-800d-47b1950d210f",
"indicator--576d3a80-65fc-4439-84d1-400e950d210f",
"indicator--576d3a80-9df0-410e-a14d-4414950d210f",
"indicator--576d3a80-4a84-4fb6-9bf4-42db950d210f",
"indicator--576d3a81-9874-4f9a-9f07-4d3b950d210f",
"indicator--576d3a81-7e20-4a84-8b50-4dc9950d210f",
"indicator--576d3a81-b5dc-4bcc-8511-477e950d210f",
"indicator--576d3a81-1d08-4015-aa0d-46e9950d210f",
"indicator--576d3a81-f694-45c2-b51d-41cb950d210f",
"indicator--576d3a82-04e4-45a7-beca-492a950d210f",
"indicator--576d3a82-6618-42a0-93e3-4684950d210f",
"indicator--576d3a82-1a34-46eb-be96-4b16950d210f",
"indicator--576d3a82-5728-4d88-b437-4732950d210f",
"indicator--576d3a82-fcc4-49ad-b937-4829950d210f",
"indicator--576d3a83-7dd0-4bb2-b061-4da6950d210f",
"indicator--576d3a83-5c4c-4559-977f-4d45950d210f",
"indicator--576d3a83-697c-446c-bfca-4d04950d210f",
"indicator--576d3a83-898c-4997-add0-4c2c950d210f",
"indicator--576d3a83-c95c-456c-97ae-46ba950d210f",
"indicator--576d3a83-6ba8-4f2b-bc4f-4c94950d210f",
"indicator--576d3a84-ebc0-4d8c-91d2-4cfe950d210f",
"indicator--576d3a84-3278-4c82-987f-4a18950d210f",
"indicator--576d3a84-6808-4055-966c-410b950d210f",
"indicator--576d3a84-2a34-4d9f-aada-41ab950d210f",
"indicator--576d3a85-7b94-4c1f-8800-44a3950d210f",
"indicator--576d3a85-1194-4994-8fad-4793950d210f",
"indicator--576d3a85-b254-440d-a288-42be950d210f",
"indicator--576d3a85-cc3c-4748-bfa8-4ffe950d210f",
"indicator--576d3a85-f1f0-4d6f-903d-4df8950d210f",
"indicator--576d3a86-81b4-4d0f-b0b7-472f950d210f",
"indicator--576d3a86-3138-4c3e-8b66-440e950d210f",
"indicator--576d3a86-0920-498b-bb53-4fec950d210f",
"indicator--576d3a86-a970-430b-962e-448d950d210f",
"indicator--576d3a86-2968-4f06-a08f-47e6950d210f",
"indicator--576d3a87-e088-42bd-bed4-4f8d950d210f",
"indicator--576d3a87-6b0c-4dba-aab3-424a950d210f",
"indicator--576d3a87-6228-4809-9380-4b5c950d210f",
"indicator--576d3a87-e0c0-48de-86db-49ae950d210f",
"indicator--576d3a87-23ac-4ee2-bc10-407a950d210f",
"indicator--576d3a88-a7b0-4051-9cc7-475e950d210f",
"indicator--576d3a88-b9c4-4aa3-948e-4b3b950d210f",
"indicator--576d3a88-39fc-416c-a8fd-4836950d210f",
"indicator--576d3a88-290c-4e62-973a-4abc950d210f",
"indicator--576d3a88-d5e0-464d-8744-450d950d210f",
"indicator--576d3a89-8d14-4605-8907-4b0d950d210f",
"indicator--576d3a89-f648-442b-b188-452b950d210f",
"indicator--576d3a89-e8e8-479e-9d75-4b0d950d210f",
"indicator--576d3a89-4f3c-4512-887d-4b18950d210f",
"indicator--576d3a89-4d08-4750-b484-45d5950d210f",
"indicator--576d3a8a-5f0c-48e8-b96f-4585950d210f",
"indicator--576d3a8a-5cc4-452b-bc88-48fe950d210f",
"indicator--576d3a8a-51fc-454f-b687-4876950d210f",
"indicator--576d3a8a-385c-4573-a624-44f2950d210f",
"indicator--576d3a8a-3f9c-488c-bde0-469a950d210f",
"indicator--576d3a8a-1ec8-4579-8b13-41c6950d210f",
"indicator--576d3a8b-f06c-4b19-a406-4cb6950d210f",
"indicator--576d4e4b-6ecc-4952-bc2c-4a09950d210f",
"indicator--576d4e4b-6478-46b7-b746-495d950d210f",
"indicator--576d4e4b-c338-4d05-a6eb-4dc6950d210f",
"indicator--576d4e4c-3328-4331-9cfe-4980950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a7e-6310-4ee7-9f59-471f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:50.000Z",
"modified": "2016-06-24T13:49:50.000Z",
"description": "download location",
"pattern": "[url:value = 'http://neoventtechnologies.com/bvbebi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a7e-64ec-498d-bd9d-4746950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:50.000Z",
"modified": "2016-06-24T13:49:50.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'neoventtechnologies.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a7e-ba14-4f53-b6fb-477c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:50.000Z",
"modified": "2016-06-24T13:49:50.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.229.235.65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a7e-4c04-45d7-8485-4049950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:50.000Z",
"modified": "2016-06-24T13:49:50.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.members.aon.at/~cfabian1/56v7o']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a7f-85f8-477a-b3dc-469b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:51.000Z",
"modified": "2016-06-24T13:49:51.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.members.aon.at']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a7f-dfd0-4cfe-8b0b-4c2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:51.000Z",
"modified": "2016-06-24T13:49:51.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.3.96.72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a7f-4d20-40c8-bc64-4dbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:51.000Z",
"modified": "2016-06-24T13:49:51.000Z",
"description": "download location",
"pattern": "[url:value = 'http://sherlock.uvishere.com/lzjgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a7f-8420-4614-b5d1-48b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:51.000Z",
"modified": "2016-06-24T13:49:51.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'sherlock.uvishere.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a7f-d254-40f6-bb7d-493a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:51.000Z",
"modified": "2016-06-24T13:49:51.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.195.124.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a7f-44fc-4b9f-b93b-4128950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:51.000Z",
"modified": "2016-06-24T13:49:51.000Z",
"description": "download location",
"pattern": "[url:value = 'http://80.109.240.71/~m.lingg/ghpeaew']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a80-ab58-41e6-a6ae-43aa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:52.000Z",
"modified": "2016-06-24T13:49:52.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.109.240.71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a80-c5dc-4e40-800d-47b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:52.000Z",
"modified": "2016-06-24T13:49:52.000Z",
"description": "download location",
"pattern": "[url:value = 'http://formateam-finance.com/3n72h']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a80-65fc-4439-84d1-400e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:52.000Z",
"modified": "2016-06-24T13:49:52.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'formateam-finance.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a80-9df0-410e-a14d-4414950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:52.000Z",
"modified": "2016-06-24T13:49:52.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.186.33.4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a80-4a84-4fb6-9bf4-42db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:52.000Z",
"modified": "2016-06-24T13:49:52.000Z",
"description": "download location",
"pattern": "[url:value = 'http://camera-test.hi2.ro/msjs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a81-9874-4f9a-9f07-4d3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:53.000Z",
"modified": "2016-06-24T13:49:53.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'camera-test.hi2.ro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a81-7e20-4a84-8b50-4dc9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:53.000Z",
"modified": "2016-06-24T13:49:53.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.42.39.67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a81-b5dc-4bcc-8511-477e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:53.000Z",
"modified": "2016-06-24T13:49:53.000Z",
"description": "download location",
"pattern": "[url:value = 'http://212.40.5.95/~tonex/9ln841']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a81-1d08-4015-aa0d-46e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:53.000Z",
"modified": "2016-06-24T13:49:53.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.40.5.95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a81-f694-45c2-b51d-41cb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:53.000Z",
"modified": "2016-06-24T13:49:53.000Z",
"description": "download location",
"pattern": "[url:value = 'http://217.26.70.230/~altomdo/09uom']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a82-04e4-45a7-beca-492a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:54.000Z",
"modified": "2016-06-24T13:49:54.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.26.70.230']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a82-6618-42a0-93e3-4684950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:54.000Z",
"modified": "2016-06-24T13:49:54.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.hotelmoonnightnikola.free.bg/k499xf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a82-1a34-46eb-be96-4b16950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:54.000Z",
"modified": "2016-06-24T13:49:54.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.hotelmoonnightnikola.free.bg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a82-5728-4d88-b437-4732950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:54.000Z",
"modified": "2016-06-24T13:49:54.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.40.80.188']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a82-fcc4-49ad-b937-4829950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:54.000Z",
"modified": "2016-06-24T13:49:54.000Z",
"description": "download location",
"pattern": "[url:value = 'http://camera-test.hi2.ro/kezw5md']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a83-7dd0-4bb2-b061-4da6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:55.000Z",
"modified": "2016-06-24T13:49:55.000Z",
"description": "download location",
"pattern": "[url:value = 'http://205.167.142.107/~3kelly/bqsm9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a83-5c4c-4559-977f-4d45950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:55.000Z",
"modified": "2016-06-24T13:49:55.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '205.167.142.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a83-697c-446c-bfca-4d04950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:55.000Z",
"modified": "2016-06-24T13:49:55.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.fancyupage.com/webroot/1nemk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a83-898c-4997-add0-4c2c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:55.000Z",
"modified": "2016-06-24T13:49:55.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.fancyupage.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a83-c95c-456c-97ae-46ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:55.000Z",
"modified": "2016-06-24T13:49:55.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.185.36.128']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a83-6ba8-4f2b-bc4f-4c94950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:55.000Z",
"modified": "2016-06-24T13:49:55.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.beautycollegeofamca.com/h17if71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a84-ebc0-4d8c-91d2-4cfe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:56.000Z",
"modified": "2016-06-24T13:49:56.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.beautycollegeofamca.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a84-3278-4c82-987f-4a18950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:56.000Z",
"modified": "2016-06-24T13:49:56.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.229.191.132']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a84-6808-4055-966c-410b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:56.000Z",
"modified": "2016-06-24T13:49:56.000Z",
"description": "download location",
"pattern": "[url:value = 'http://23.229.137.8/~monkeyadvertisin/8vks94cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a84-2a34-4d9f-aada-41ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:56.000Z",
"modified": "2016-06-24T13:49:56.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.229.137.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a85-7b94-4c1f-8800-44a3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:57.000Z",
"modified": "2016-06-24T13:49:57.000Z",
"description": "download location",
"pattern": "[url:value = 'http://emisije.sezamprodukcija.com/3o9v8rp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a85-1194-4994-8fad-4793950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:57.000Z",
"modified": "2016-06-24T13:49:57.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'emisije.sezamprodukcija.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a85-b254-440d-a288-42be950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:57.000Z",
"modified": "2016-06-24T13:49:57.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.154.187.199']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a85-cc3c-4748-bfa8-4ffe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:57.000Z",
"modified": "2016-06-24T13:49:57.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.cbactive.com/d8kn9vtb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a85-f1f0-4d6f-903d-4df8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:57.000Z",
"modified": "2016-06-24T13:49:57.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'www.cbactive.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a86-81b4-4d0f-b0b7-472f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:58.000Z",
"modified": "2016-06-24T13:49:58.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.229.171.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a86-3138-4c3e-8b66-440e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:58.000Z",
"modified": "2016-06-24T13:49:58.000Z",
"description": "download location",
"pattern": "[url:value = 'http://ws.osenilo.com/7lurx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a86-0920-498b-bb53-4fec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:58.000Z",
"modified": "2016-06-24T13:49:58.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'ws.osenilo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a86-a970-430b-962e-448d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:58.000Z",
"modified": "2016-06-24T13:49:58.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.230.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a86-2968-4f06-a08f-47e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:58.000Z",
"modified": "2016-06-24T13:49:58.000Z",
"description": "download location",
"pattern": "[url:value = 'http://sherlock.uvishere.com/jw0qtxrr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a87-e088-42bd-bed4-4f8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:59.000Z",
"modified": "2016-06-24T13:49:59.000Z",
"description": "download location",
"pattern": "[url:value = 'http://67.199.50.113/a3cs5og0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a87-6b0c-4dba-aab3-424a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:59.000Z",
"modified": "2016-06-24T13:49:59.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.199.50.113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a87-6228-4809-9380-4b5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:59.000Z",
"modified": "2016-06-24T13:49:59.000Z",
"description": "download location",
"pattern": "[url:value = 'http://queza.com/buodw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a87-e0c0-48de-86db-49ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:59.000Z",
"modified": "2016-06-24T13:49:59.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'queza.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a87-23ac-4ee2-bc10-407a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:49:59.000Z",
"modified": "2016-06-24T13:49:59.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.88.57.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:49:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a88-a7b0-4051-9cc7-475e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:00.000Z",
"modified": "2016-06-24T13:50:00.000Z",
"description": "download location",
"pattern": "[url:value = 'http://noriegachiropracticclinics.com/g2isru1k']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a88-b9c4-4aa3-948e-4b3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:00.000Z",
"modified": "2016-06-24T13:50:00.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'noriegachiropracticclinics.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a88-39fc-416c-a8fd-4836950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:00.000Z",
"modified": "2016-06-24T13:50:00.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '138.229.65.9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a88-290c-4e62-973a-4abc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:00.000Z",
"modified": "2016-06-24T13:50:00.000Z",
"description": "download location",
"pattern": "[url:value = 'http://pinakfoods.com/794vi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a88-d5e0-464d-8744-450d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:00.000Z",
"modified": "2016-06-24T13:50:00.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'pinakfoods.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a89-8d14-4605-8907-4b0d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:01.000Z",
"modified": "2016-06-24T13:50:01.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '160.153.35.5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a89-f648-442b-b188-452b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:01.000Z",
"modified": "2016-06-24T13:50:01.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.hotelmoonnightnikola.free.bg/mk6a3w3z']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a89-e8e8-479e-9d75-4b0d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:01.000Z",
"modified": "2016-06-24T13:50:01.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.beautycollegeofamca.com/gfzbzv9j']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a89-4f3c-4512-887d-4b18950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:01.000Z",
"modified": "2016-06-24T13:50:01.000Z",
"description": "download location",
"pattern": "[url:value = 'http://layaligroup.com/3hcutyd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a89-4d08-4750-b484-45d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:01.000Z",
"modified": "2016-06-24T13:50:01.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'layaligroup.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a8a-5f0c-48e8-b96f-4585950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:02.000Z",
"modified": "2016-06-24T13:50:02.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.51.16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a8a-5cc4-452b-bc88-48fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:02.000Z",
"modified": "2016-06-24T13:50:02.000Z",
"description": "download location",
"pattern": "[url:value = 'http://salisburyjc.com/2l72hnm2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a8a-51fc-454f-b687-4876950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:02.000Z",
"modified": "2016-06-24T13:50:02.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'salisburyjc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a8a-385c-4573-a624-44f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:02.000Z",
"modified": "2016-06-24T13:50:02.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.116.77.52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a8a-3f9c-488c-bde0-469a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:02.000Z",
"modified": "2016-06-24T13:50:02.000Z",
"description": "download location",
"pattern": "[url:value = 'http://kksokol.euweb.cz/2d0b27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a8a-1ec8-4579-8b13-41c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:02.000Z",
"modified": "2016-06-24T13:50:02.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'kksokol.euweb.cz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d3a8b-f06c-4b19-a406-4cb6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T13:50:03.000Z",
"modified": "2016-06-24T13:50:03.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.86.117.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T13:50:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d4e4b-6ecc-4952-bc2c-4a09950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T15:14:19.000Z",
"modified": "2016-06-24T15:14:19.000Z",
"description": "download location",
"pattern": "[url:value = 'http://210.116.102.7/2s4x7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T15:14:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d4e4b-6478-46b7-b746-495d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T15:14:19.000Z",
"modified": "2016-06-24T15:14:19.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.116.102.7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T15:14:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d4e4b-c338-4d05-a6eb-4dc6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T15:14:19.000Z",
"modified": "2016-06-24T15:14:19.000Z",
"description": "download location",
"pattern": "[url:value = 'http://217.26.70.100/~rollbar/f4duk2jd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T15:14:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576d4e4c-3328-4331-9cfe-4980950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-24T15:14:20.000Z",
"modified": "2016-06-24T15:14:20.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.26.70.100']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-24T15:14:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}